Privacy Enhanced QKD Networks: Zero Trust Relay Architecture based on Homomorphic Encryption

Here is an explanation of the paper using simple language and creative analogies.

The Big Problem: The "Glass House" Relay

Imagine you want to send a super-secret message from Alice in London to Bob in Tokyo. You can't send it directly because the signal gets too weak over such a long distance. So, you need a chain of Relay Stations (like post offices) in between to pick up the message, boost it, and send it to the next station.

In current Quantum Key Distribution (QKD) networks, these relay stations are "Trusted Relays."

Here is the catch: To boost the message, the relay station has to open the package, read the secret key inside, and then re-wrap it for the next leg of the journey.

The Risk: If a hacker breaks into that relay station, or if the person running it is corrupt, they can steal the secret key. The whole network relies on everyone trusting that every single post office along the way is 100% honest and secure. If one fails, the whole system is compromised.

The Solution: The "Magic Invisible Box"

The authors of this paper propose a new way called a Zero-Trust Relay Architecture. They want to build a network where the relay stations never need to see the secret key, even for a split second.

They do this using a technology called Fully Homomorphic Encryption (FHE).

The Analogy: The Glovebox

Imagine you have a pair of magical gloves (the encryption). You put your secret letter inside a locked, transparent box (the ciphertext).

Old Way (Trusted Relay): You hand the box to a relay worker. They have to take off the gloves, open the box, read the letter, write a new note, and put it back in a new box. They see the letter.
New Way (Zero-Trust): You give the worker the box with the gloves still on. The worker can reach through the gloves, perform math operations on the letter inside the box (like adding a new code), and pass it to the next person. The worker never sees the letter. They only see the box moving around.

In this paper, the "gloves" are a special mathematical code (based on something called Lattice Cryptography) that allows computers to perform the necessary "mixing" of keys without ever decrypting them.

The Three Big Upgrades

The paper introduces three main improvements to make this work:

1. The "External Generator" (Detaching the Keys)

Old Way: The QKD machine generates the secret key and uses it immediately. If the machine has a flaw, the key is bad.
New Way: The relay station has its own separate, super-secure random number generator (like a separate dice roller). It generates a fresh secret key just for the user. The QKD machine is only used to "lock" the box for the next hop.
Why it helps: If the QKD machine is compromised, the user's secret key is still safe because it was made by a different, independent device. It's like having a backup generator if the main power fails.

2. The "Magic Math" (Homomorphic Encryption)

As mentioned above, the relay stations use this special math to mix the keys. They take the incoming encrypted key, mix it with their own local key, and pass it on—all while the data remains encrypted.
The Result: Even if a relay station is hacked, the hacker only sees a jumbled mess of numbers. They cannot figure out the actual secret key.

3. The "Secret Vault" (Optional Hardware)

The paper suggests using special computer chips (like TEEs or TPMs) that act like a secure vault inside the computer. This ensures that even if someone steals the computer, they can't get the "magic gloves" (the private keys) needed to open the boxes.

Did it Work? (The Experiment)

The researchers built a real test network in Spain. They connected real QKD machines (from a company called ID Quantique) with their new software over a 1km fiber optic cable.

The Test: They sent keys through 4 different relay stations.
The Result: It worked! The keys arrived at the destination perfectly.
The Speed: It was slightly slower than the old way (about 45 milliseconds vs. 0.2 milliseconds), but the authors say this is a tiny price to pay for the massive security boost. It's like waiting an extra second at a security checkpoint to ensure no one is smuggling a bomb.

Why Does This Matter?

Currently, big projects like EuroQCI (a massive European quantum network) have to trust every single country and company along the route. If one node is weak, the whole network is weak.

This new architecture changes the game:

No more "Trusted" Nodes: You don't need to trust the people running the relay stations. You only need to trust the math.
Scalability: You can build huge networks across countries without worrying that one corrupt employee in a relay station will steal all the secrets.
Future Proof: The math used is resistant to future "Quantum Computers" that might break current codes.

Summary

Think of the current QKD network as a game of Telephone where every person in the middle is allowed to read the message before whispering it to the next person. If one person is a spy, the game is over.

This paper proposes a new game of Telephone where the message is written in invisible ink that only the sender and receiver can see. The people in the middle can pass the paper around and even add their own invisible ink to it, but they cannot read what is written. This makes the network safe even if the middlemen are untrustworthy.

Here is a detailed technical summary of the paper "Privacy Enhanced QKD Networks: Zero Trust Relay Architecture based on Homomorphic Encryption."

1. Problem Statement

Quantum Key Distribution (QKD) offers unconditional security for key exchange based on the laws of physics. However, terrestrial fiber-optic QKD networks face significant scalability challenges:

Distance Limitations: Quantum signals degrade over long distances (typically >300 km), necessitating intermediate nodes to extend the network range.
The "Trusted Relay" Bottleneck: Current solutions rely on "trusted relays" that decrypt the incoming quantum key, re-encrypt it with the next hop's key, and forward it. This process requires the key to exist in plaintext at every intermediate node.
Security Risks: If a relay node is compromised (by internal administrators or external attackers), the plaintext keys are exposed, breaking the end-to-end security of the network.
Crypto-Agility Issues: Traditional QKD modules often embed the Quantum Random Number Generator (QRNG). If a specific vendor's QRNG is found to be flawed, the entire hardware unit must be replaced, creating operational rigidity.

2. Proposed Methodology: Zero-Trust Relay Architecture

The authors propose a Zero-Trust QKD Relay (ZTQR) architecture that eliminates the need to trust intermediate nodes by applying Fully Homomorphic Encryption (FHE). The core concept allows relays to perform necessary operations (XOR for One-Time Pad re-encryption) on encrypted data without ever decrypting it.

Key Technical Components:

Homomorphic Encryption (FHE): The system utilizes the BFV (Brakerski/Fan-Vercauteren) scheme, which is based on the Ring-Learning With Errors (Ring-LWE) problem. This is considered quantum-resistant.
Decoupling Key Generation:
- Instead of using the QKD module's internal QRNG to generate the final user key, each relay node is equipped with an external QRNG.
- The QKD keys are used only for the OTP encryption between hops.
- The final key delivered to the Secure Application Entity (SAE) is generated by the local QRNG of the relay, ensuring the QKD hardware does not directly dictate the user key.
The Homomorphic XOR Process:
- In a standard relay, Node A XORs the incoming key with the next hop's key in plaintext.
- In the ZTQR architecture, the incoming key (encrypted with the destination's public key) and the next hop's key (also encrypted) are XORed within the homomorphic domain.
- Mathematical Implementation: Since XOR is equivalent to addition in the Galois Field GF(2), the system performs addition in a larger prime field $GF(p)$ and applies a final modulo 2 reduction to maintain binary consistency without generating excessive noise.
Hardware Isolation (Optional): The architecture supports integration with Trusted Execution Environments (TEEs) and Trusted Platform Modules (TPMs) to further isolate the homomorphic private keys and processing logic from the host OS.

Workflow:

Request: SAE-A requests a key from its local ZTQR.
Generation: ZTQR generates a local secret ( $k_{qrng}$ ) and fetches the QKD link key ( $k_{qkd}$ ).
Encryption: ZTQR encrypts both keys using the Public Key of the destination ZTQR.
Homomorphic Operation: ZTQR performs an XOR (addition in GF(p)) on the encrypted keys.
Propagation: The resulting ciphertext is sent to the next relay. Each subsequent relay repeats the process: it removes its own link key (via homomorphic XOR) and adds the next link key, all while the data remains encrypted under the destination's public key.
Decryption: Only the final destination ZTQR can decrypt the final ciphertext to retrieve the original $k_{qrng}$ , which is then delivered to SAE-B.

3. Key Contributions

Zero-Trust Relaying: The primary contribution is a protocol where intermediate nodes never see the plaintext key. This removes the "trusted node" assumption, mitigating risks of insider threats or node compromise.
Enhanced Crypto-Agility: By decoupling the user key generation from the QKD hardware's internal QRNG, the system allows for the replacement of random number generators without replacing the entire QKD device.
Standard Compliance: The solution is designed to integrate with existing ETSI standards (ETSI-014 for key exchange and ETSI-020 for Key Management System interoperability), ensuring compatibility with current commercial infrastructure.
Quantum Resistance: The use of LWE-based FHE ensures the relay architecture itself is resistant to future quantum computer attacks ("store now, decrypt later" scenarios).

4. Experimental Results

The authors validated the architecture using a hybrid testbed:

Setup: A 1km dark fiber link between two TECNALIA facilities in Spain, connecting simulated QKD Key Management Entities (KMEs) and five Zero-Trust Relay nodes running in Docker containers.
Performance Metrics:
- Payload Size: The homomorphic ciphertext size remained stable at approximately 347 KB, regardless of the number of hops or key length (128/256 bits). This fits well within standard HTTP server limits (e.g., Nginx, Apache).
- Processing Time: The homomorphic XOR operation took approximately 45 ms per relay (compared to <1 ms for standard XOR). While higher, this is considered manageable for key exchange frequencies.
- CPU Usage: The additional load was minimal, averaging 2% CPU usage on a single thread.
- Noise Growth: Theoretical analysis confirmed that noise growth from homomorphic additions is negligible for the intended number of hops, ensuring successful decryption at the destination.

5. Significance and Impact

Scalability: This architecture enables the deployment of large-scale, multi-party QKD networks (such as the European EuroQCI) without the security liability of trusting every intermediate node.
Practicality: Unlike quantum repeaters (which are still experimental and expensive), this solution uses existing commercial QKD hardware and standard computing resources, making it deployable immediately.
Security Paradigm Shift: It transitions QKD networks from a "perimeter-based trust" model to a "zero-trust" model, significantly raising the bar for network security against both classical and quantum adversaries.
Patent: The methodology has been filed as a patent application (EP24383397.7) by Tecnalia and the University of the Basque Country.

In conclusion, the paper demonstrates that Fully Homomorphic Encryption can effectively solve the critical "trusted relay" vulnerability in QKD networks, offering a practical, standards-compliant, and highly secure path toward scalable quantum communication infrastructure.